Enterprise Information Security Officer

• Mar 2020 - Present

Chair

• Jun 2016 - Jun 2021

The Cyber Security Leadership Council on Youth and Education will provide strategic insight and thought leadership to inform the development of Canada’s National Cyber Security Education Initiative as well as key activities to be included as part of the initiative: To strengthen the current and future capacity and capability of youth so that they can better protect Canada's information assets, and To promote skills and talent development in ICT and cyber security to ensure that Canada maintains its competitive advantage in the digital economy. Expected Outcomes: A national cyber security education strategy and action plan that will inform educational programming, labour force development, and research as well as any other challenges or opportunities as identified by the Leadership Council. Initiation of Canada’s National Cyber Security Education Initiative and key activities to support its mandate, including CyberTitan. www.cybertitan.ca Show less

Chief Information Security Officer (CISO)

• Feb 2018 - Mar 2020

Business owner of all enterprise security processes: physical, cybersecurity and Energy and Utilities Board adopted NERC/CIP regulatory requirements (CIP Senior Manager).Executive and Board of Directors' communication regarding creation, implementation and operation of an integrated IT/OT security management program for a vertically integrated electric utility that includes generation, transmission, distribution systems and the system operator.Lead subject matter expert and decision maker on all projects to ensure best practice of security related, legislative and regulatory compliance throughout the organization. Show less

Senior Cyber-Security Strategist

• Aug 2015 - Mar 2020

Chief Information Security Officer (CISO)

• Aug 2011 - Apr 2015

Point of contact for information assurance & information security guidance for ~150 public bodies, including departments, commissions, health agencies, education districts, municipalities, and crown corporations.Directing the operation and continuous improvement of the overall information assurance program (formerly Enterprise IT Governance Risk and Compliance). Tracking risks to the government’s ability to reach its strategic key enabler of information readiness. Direct the government’s Security Event Management Centre which offered security monitoring, vulnerability assessments, incident handling and forensics services to all public bodies.Chair of the information security community of practice, running a program that brings working groups together to determine shared security issues and determine where best to make enterprise investments to protect the government’s infrastructure; Whether that is policy improvement, technology investment or process creation .Member of Privacy Assessment Review Committee (PARC) providing support and advice to public body ministers on NB privacy law (RTIPPA).NB representative on National Chief Information Officer (CIO) Subcommittee on Information Protection (NCSIP) cooperating on the deployment of information and communications technologies to support operational and program delivery functions of governments in Canada.NB representative on the support committee for Deputy Minister / Clerks' table on cyber security identifying key cyber security risks and gaps facing governments, and priority activities for joint Federal, Provincial, Territorial collaboration to address these areas. Show less

Chief Information Security Strategist

• Aug 2009 - Apr 2015

Creating and communicating the Enterprise’s Current & Target Information Security Architectures, including the structure and inter-relationships of components, and the principles governing their design to ensure alignment with & support of the enterprise’s strategic objectives.Creating and communicating supporting Information Assurance and Information Security StandardsCollaborating with the Chief Architects in the Business, Data, Application and Technology realms to ensure information security was appropriately accounted for throughout the Enterprise Architecture work.Reviewing work from public body architects for compliance with the Enterprise Architecture principles and recommending any changes to ensure alignment with overall organizational planning. Show less

Senior Security Controls Analyst

• Nov 2007 - Aug 2009

Develop, implement and continually review the IT Risk Governance Framework for both CTFS and CTBank. Review and rewrite policies, directives and security processes to ensure alignment with ever changing regulatory and legal requirements environment and the Enterprise Governance/Risk/Compliance plans. Creation and ongoing review of metrics program to measure implementation and effectiveness of Controls within the Risk Management Framework Manage audit engagements, co-ordinate management response and action plans, present findings to executives and acquire sign offs and attestations in support of multiple regulatory needs. Show less

Senior IT Security Governance Manager

• Sep 2003 - Nov 2007

ISO 27001 compliance gap disclosure, policy development and managing activities to ensure that security risk treatment plans exist and are adequately documented, evaluated and tested. Develop appropriate policies, as required, in conformance to the ISO 27001 Framework.Populate IT Security Controls Management System with controls required to satisfy ISO 27001 certification.Chose key performance indicators and built metrics program and self assessments around these for each control. Show less

Senior Security Analyst

• Oct 2001 - Sep 2003

Security Advisor for four groups comprised of over 40 administrators working on over 800 servers spread across Atlantic Canada. Manage Initiatives for improving all aspects of security for the Operations group, including projects for deploying new security tools, patches and awareness training.

Unix Systems Adminstrator

• Apr 2000 - Oct 2001

Technical administration for Unix systems, spanning a variety of service types including DNS, Webservices, IPTV, IVRs etc. Responsible for security hardening and regular maintenance through system life cycle to decommissioning. Technical administration for Unix systems, spanning a variety of service types including DNS, Webservices, IPTV, IVRs etc. Responsible for security hardening and regular maintenance through system life cycle to decommissioning.

Exam Content Developer

• 1999 - 2001

I worked with BrainBench on several projects, delivering exam question and answer content on topics involving operating system administration, web server implementation, networking and security for their range of certification programs. I worked with BrainBench on several projects, delivering exam question and answer content on topics involving operating system administration, web server implementation, networking and security for their range of certification programs.

Class Facilitator

• 1997 - 2000

Delivered training to multiple large organizations; Health Care providers, Telecommunications Service Providers etc. Developed and delivered technical courses including the following topics: -TCP/IP in Microsoft Networks - Designing and Implementing Windows based networks (small business or Enterprise) - Domain Models applicable to business needs. - DNS administration - Choosing and deploying a MS client operating system - Choosing network elements, essential networking protocols and devices and how they align with the OSI model. - Deploying secure websites with Internet Information Server in an Intranet and Internet setting. - Design and implementation of Exchange and Outlook Web Access. - Protecting network resources and improving information access time using Proxy Servers - Packet Filtering with IOS access-lists -Analyzing technical and business constraints in network design - Choosing switching and routing devices and protocols. - Developing network security/management strategies. Show less